MotW, SmartScreen and how to bypass it using good old DLL Hijacks
How Mark of the Web and Defender SmartScreen try to stop phishing payloads, and why sideloading an unsigned DLL next to a signed, reputable binary walks straight past both.
I've reverse engineered the ESET Wiper targeting ESET's exclusive partner in Israel to send phishing emails to Israeli businesses. See this article on bleepingcomputer.com.
I've done the Zero2Automated Advanced Malware Analysis Course over the last few months and have now finally passed the exam!
I recently came across the GULoader malware family with its string obfuscation and wondered if one can build a similar technique in Rust.
My write-up for the first custom sample of the zero2automated course.
Writing a simple self-injecting packer for evading Windows Defender detection.